Skip to main content

Comparative Analysis of Open-Source Vulnerability Scanners for IoT Devices

  • 283 Accesses

Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT,volume 101)

Abstract

Internet of Things devices are commonly overlooked when it comes to security. Deployment follows the trend that the devices are powered on and installed, often without proper configuration or regards to the security they possess. Being Internet connected, these devices should be held to the security standards that other systems are held to. Vulnerability scanners are the most effective and least time-consuming method to determine the vulnerabilities present on a device and provide insight on steps for mitigation and hardening. However, these scanners do not inherently support the lightweight, low powered, and proprietary nature of IoT devices. This paper analyzes and compares the use of several well-known and lesser-known open-source vulnerability scanners used with home IoT devices. The aim is to cover all aspects of using these programs: the ease of use, support available, effectiveness of the scanners, direction provided in mitigation, and various operational metrics. In the end, a comprehensive analysis of each scanner will be provided, discussing the advantages and disadvantages of each, as well as their best use cases. The intention of these results is to provide an informative viewpoint on what vulnerability scanner should be selected for an individual based on a hands-on analysis and comparison.

Keywords

  • Internet of things (IoT)
  • Vulnerability scanner
  • Open source

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-981-16-7610-9_58
  • Chapter length: 16 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   219.00
Price excludes VAT (USA)
  • ISBN: 978-981-16-7610-9
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Hardcover Book
USD   279.99
Price excludes VAT (USA)

References

  1. Goasduff L (2021) Gartner Says 5.8 Billion enterprise and automotive IoT endpoints will be in use in 2020. https://www.gartner.com/en/newsroom/press-releases/2019-08-29-gartner-says-5-8-billion-enterprise-and-automotive-io. Accessed 8 June 2021

  2. Mahmoud R, Yousuf T, Aloul F, Zualkernan I (2015) Internet of things (IoT) security: current status, challenges and prospective measures. 2015 10th International conference for internet technology and secured transactions (ICITST). IEEE, New York, pp 336–341

    CrossRef  Google Scholar 

  3. Deogirikar J, Vidhate A (2017) Security attacks in IoT: a survey. In: 2017 International conference on I-SMAC (IoT in social, mobile, analytics and cloud) (I-SMAC). IEEE, New York, pp 32–37 (2017)

    Google Scholar 

  4. Chalvatzis I, Karras DA, Papademetriou RC (2019) Evaluation of security vulnerability scanners for small and medium enterprises business networks resilience towards risk assessment. In: 2019 IEEE international conference on artificial intelligence and computer applications (ICAICA). IEEE, New York, pp 52–58 (2019)

    Google Scholar 

  5. Amro A (2020) Iot vulnerability scanning: a state of the art. Comput Security, pp 84–99 (2020)

    Google Scholar 

  6. Markowsky L, Markowsky G (2015) Scanning for vulnerable devices in the internet of things. 2015 IEEE 8th International conference on intelligent data acquisition and advanced computing systems: technology and applications (IDAACS), vol 1. IEEE, New York, pp 463–467

    Google Scholar 

  7. Hassija V, Chamola V, Saxena V, Jain D, Goyal P, Sikdar B (2019) A survey on IoT security: application areas, security threats, and solution architectures. IEEE Access 7:82721–82743

    CrossRef  Google Scholar 

  8. Anand P, Singh Y, Selwal A, Alazab M, Tanwar S, Kumar N (2020) IoT vulnerability assessment for sustainable computing: threats, current solutions, and open challenges. IEEE Access 8:168825–168853

    CrossRef  Google Scholar 

  9. Corp F (2021) Vuls. https://github.com/future-architect/vuls. Accessed 8 June 2021

  10. Rahalkar S (2019) Openvas. Quick start guide to penetration testing. Springer, Berlin, pp 47–71

    CrossRef  Google Scholar 

  11. Mikulskis J, Becker JK, Gvozdenovic S, Starobinski D (2019) Snout: an extensible IoT pen-testing tool. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security, pp 2529–2531

    Google Scholar 

  12. Vulscan (2021) https://github.com/scipag/vulscan. Accessed 8 June 2021

  13. Rapid7 (2017) IoTSeeker: locate connected IoT devices and check for default passwords. https://information.rapid7.com/iotseeker.html. Accessed 8 June 2021

  14. Bugeja J, Jönsson D, Jacobsson A (2018) An investigation of vulnerabilities in smart connected cameras. 2018 IEEE international conference on pervasive computing and communications workshops (PerCom workshops). IEEE, New York, pp 537–542

    CrossRef  Google Scholar 

  15. Yang H, Lee W, Lee H (2018) Iot smart home adoption: the importance of proper level automation. J Sensors 2018 (2018)

    Google Scholar 

  16. Singh KJ, Kapoor DS (2017) Create your own internet of things: a survey of iot platforms. IEEE Consumer Electron Maga 6(2):57–68

    CrossRef  Google Scholar 

  17. Jin Y (2018) IoT/CPS security vulnerability database. https://iot.institute.ufl.edu/academics/iot-cps-security-vulnerability-database/. Accessed 9 June 2021

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Sajal Bhatia .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

deRito, C., Bhatia, S. (2022). Comparative Analysis of Open-Source Vulnerability Scanners for IoT Devices. In: Hemanth, D.J., Pelusi, D., Vuppalapati, C. (eds) Intelligent Data Communication Technologies and Internet of Things. Lecture Notes on Data Engineering and Communications Technologies, vol 101. Springer, Singapore. https://doi.org/10.1007/978-981-16-7610-9_58

Download citation